bug(cloudformation): query "DB Security Group Open To Large Scope" triggers on /24 CIDR #7988

@lmbruder-sidn

Description

Expected Behavior

The description of query "DB Security Group Open To Large Scope" is "The IP address in a DB Security Group must not have more than 256 hosts.".
Based on this you would expect it to be detected on CIDRs with a prefix length of 23 or shorter.

Actual Behavior

This vulnerability is detected on a /24 CIDR, which is a subnet with 256 hosts.

Steps to Reproduce the Problem

Run kics on a security group attached to an EC2 instance and specify a subnet with a prefix length of /24.

Resources:
  myInstance:
    Type: 'AWS::EC2::Instance'
    Properties:
      ImageId: ami-0a70b9d193ae8a799
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref myInstanceSecurityGroup

  myInstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SG to test ping
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 10.0.0.0/24   # /24 covers exactly 256 addresses, the boundary this issue is about

Specifications

Current version built from source.

./bin/kics version  
Keeping Infrastructure as Code Secure snapshot-e1f23cad
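A reference check for the boundary the issue describes, as an added example that is not part of the issue and not the KICS query itself (KICS queries are written in Rego; this is standalone Python on the standard `ipaddress` module). The threshold of 256 is taken from the query description quoted above; the ingress rules below are constructed, the first one mirroring the template in the issue. `boundary_prefix` assumes the threshold is a power of two, which holds for 256.

```python
import ipaddress

# Threshold from the query description: "must not have more than 256 hosts".
MAX_HOSTS = 256


def address_count(cidr: str) -> int:
    """Number of addresses a CIDR covers: 2**(32 - prefix) for IPv4, 2**(128 - prefix) for IPv6."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses


def is_too_broad(cidr: str, max_hosts: int = MAX_HOSTS) -> bool:
    """True when the CIDR covers MORE than max_hosts addresses.

    A strict '>' comparison lets /24 (exactly 256 addresses) pass and flags
    /23 (512), which is the behaviour the query description implies.
    """
    return address_count(cidr) > max_hosts


def boundary_prefix(max_hosts: int, version: int = 4) -> int:
    """Shortest prefix length whose block still fits within max_hosts addresses.

    Assumes max_hosts is a power of two (256 -> /24 for IPv4, /120 for IPv6).
    """
    bits = 32 if version == 4 else 128
    return bits - (max_hosts.bit_length() - 1)


def is_too_broad_by_prefix(cidr: str, max_hosts: int = MAX_HOSTS) -> bool:
    """Same decision as is_too_broad, expressed on the prefix length.

    Note the comparison is '<', not '<=': writing 'prefixlen <= 24' here is
    exactly the off-by-one that would flag a /24.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    return net.prefixlen < boundary_prefix(max_hosts, net.version)


# Constructed SecurityGroupIngress entries: the first mirrors the issue's
# template, the rest sit on either side of the boundary or use IPv6.
SAMPLE_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/24"},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/23"},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIpv6": "2001:db8::/64"},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "SourceSecurityGroupId": "sg-0123456789abcdef0"},
]


def broad_ingress(rules, max_hosts: int = MAX_HOSTS):
    """Return (cidr, address_count) for each rule whose CidrIp/CidrIpv6 exceeds max_hosts."""
    findings = []
    for rule in rules:
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
        if cidr is None:
            continue  # source is another security group, nothing to size
        n = address_count(cidr)
        if n > max_hosts:
            findings.append((cidr, n))
    return findings


if __name__ == "__main__":
    for cidr, n in broad_ingress(SAMPLE_INGRESS):
        print(f"{cidr}: {n} addresses > {MAX_HOSTS}")
```

Run stand-alone it reports only the /23, the 0.0.0.0/0 and the IPv6 /64 entries; the /24 from the issue's template is not listed under either the address-count or the prefix-length formulation.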

Metadata

    Labels

    aws (PR related with AWS Cloud), bug (Something isn't working), cloudformation (CloudFormation query), community (Community contribution), query (New query feature)